Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
- 3rd side (hint)
Trusted Computing Base (TCB)
|
The collection of hardware and software that security depends on. Should be as small as possible
|
|
|
Message Authentication Codes (MAC)
|
Short piece of info to authenticate a message and provide integrity insurance
|
Allows verifiers (who possess the secret key) to detect changes to the message content
|
|
Logic of Authorization
|
The proofs that we did in class
|
|
|
Hash Function
|
Any algorithm that maps data of variable length to data of a fixed length
|
|
|
PreImage Resistance
|
Given a hash h it should be difficult to find any message m such that h=hash(m)
|
|
|
2nd PreImage Resistance
|
Given an input m1 it should be difficult to find another input m2 such that m1 and m2 are not equal but hash(m1) = hash(m2)
|
Functions that lack this property are vulnerable to second preimage attacks
|
|
Collision Resistance
|
Should be difficult to find two different messages m1 and m2 such that hash(m1) = hash(m2). A pair is called a cryptographic hash collision
|
Requires a hash value twice as long as what is required in preimage resistance
|
|
Access Control List
|
List of permissions attached to an object, specifies which users are granted access, or what operations are allowed on given objects
|
|
|
Reference Monitor
|
Defines a set of design requirements, enforces users and processors ability to perform operations (read or write files for example)
|
|
|
Trusted Computing Group
|
Initiative to implement Trusted Computing
|
Included with computers to make them trustworthy
|
|
Cryptographic Hash Function
|
Hash function that takes an arbitrary block of data and returns a fixed size bit string (the cryptographic hash value) so that any change to the data will change the hash value
|
|
|
4 properties of a good Hash Function
|
Easy to compute hash value for any message, infeasible to generate a message that has a given hash, infeasible to modify a message without changing the hash, can't find two messages with the same hash
|
|
|
Trusted Platform Module
|
Offers secure generation of cryptographic keys, random number generator, sealed storage
|
|
|
Trusted Computing
|
Computer behaves in expected ways enforced by computer hardware and software.
|
This is done by loading the hardware with a unique encription key innaccessable to the rest of the system
|
|
Sealed Storage
|
Generates keys based on identiy of software requesting to use them and identity of the computer on which the software is running
|
Keys can be generated whenever they are needed, other computers or users cannot unseal the data
|
|
One-Way Function
|
is a function that is easy to compute on every input, but hard to invert given the image of a random input.
|
|
|
Border Gateway Protocol (BGP)
|
Autonomous System (AS) has border routers that 'speak' BGP with BGP peers at border routers in neighboring AS
|
AS's that send traffic to each other have a BGP session using TCP to communicate info creates global connectivity
|
|
False Path Attack
|
AS 4 wants to draw traffic from AS2 to announces a shorter path to IP prefix X,
|
|
|
False Origin Attack
|
Address Spacke Hijacking - AS 1 annunces a false advertisement for IP prefix X.
|
|
|
Resource Public Key Infrastructure
|
How we determine ownership of IP address and Autonomous System (AS) numbers
|
Can sign things to prevent false origin or path attacks
|